Enterprise Chrome Users Get New Browser Security Features

With Chrome 63, Google has released new site isolation and browser extension control features for enterprises.


Google has introduced several enterprise-specific security features in Chrome 63, the latest version of its browser announced Dec. 6.

Among them are a new site isolation capability, better control over browser extensions and broader support for new security standards.

In a blog announcing the new features, Google Product Manager Matt Blumberg this week also offered a preview of planned security updates to the browser in 2018. He described the updates as part of Google's ongoing efforts to protect enterprises from ransomware, malware and other security threats.

The Site Isolation feature in the new Chrome 63 is designed to let administrators configure desktop browsers in such a way that it renders content from different websites in separate processes. The goal is to keep websites that are open in different tabs completely separate from each other to limit damage from web attacks.

Administrators can choose to enforce site isolation for all websites, or they can choose to do it for specific websites only. Implementing site isolation for all websites—while the most secure option—can increase memory on user systems by up to 20 percent, according to Google.

Google has previously described the Site Isolation feature as a better approach to browser security than Microsoft's approach of deploying new technologies for mitigating remote code exploits (RCE) in it Edge browser.

In a Medium blog this February, the director of Google Chrome, Justin Schuh, described Microsoft's RCE mitigation technologies such as MemGC, Control Flow Guard and JavaScript Hardening as effective but requiring constant updates to keep up with attackers. Google's Site Isolation approach, in contrast, builds on recent security enhancements in modern operating systems and is more effective over the long term, he noted.

"Site isolation represents multiple engineering decades of work, and will ultimately allow Chrome’s renderer sandbox to enforce web origin restrictions," Schuh said. "That is a far more robust security guarantee than any other browser is currently even attempting."

In addition to site isolation, the new version of Chrome supports a feature that allows administrators to restrict access to browser extensions based on permissions. As an example, an administrator could configure the feature to ensure that any extension requiring access to the computer's microphone or webcam is blocked, Blumberg said. Administrators can configure policy simply by choosing from a list of options in a dropdown menu.

Starting this week, Gmail users who use Chrome will also get more communication security via new support for the Transport Layer Security 1.3 protocol (TLS 1.3).

When Google launches Chrome 64 in early 2018, the browser will feature support for NTLMv2—a protocol for authenticating systems in Windows networks. With Chrome 65 scheduled for release later next year, NTLMv2 will become the default NT LAN Manager protocol on the browser. Chrome 68, scheduled for a July 2018 release, will support features that prevent third-party applications from injecting code into the browser on Windows, Blumberg said.

Jaikumar Vijayan

Jaikumar Vijayan

Vijayan is an award-winning independent journalist and tech content creation specialist covering data security and privacy, business intelligence, big data and data analytics.